Skip to content

Assembly Cheat Sheet

Assembly language is a low-level programming language that provides direct control over CPU instructions, registers, and memory. This Assembly cheatsheet focuses on x86/x64 assembly, offering a structured reference for syntax, instructions, registers, memory addressing, and practical low-level patterns commonly used in systems programming, reverse engineering, and performance-critical code.

Architecture & Syntax

  • Registers: EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP
  • Stack grows downward
  • Common on legacy systems
  • Registers: RAX, RBX, RCX, RDX, RSI, RDI, RBP, RSP
  • Extended registers: R8R15
  • Default on modern systems

Registers

General Purpose Registers

RAX  ; accumulator / return value
RBX  ; base register
RCX  ; counter
RDX  ; data register
RSI  ; source index
RDI  ; destination index
RSP  ; stack pointer
RBP  ; base pointer

Return values

Function return values are typically stored in RAX.

Data Movement

MOV

mov rax, 1
mov rbx, rax
mov rcx, [rax]     ; load from memory
mov [rbx], rcx     ; store to memory

LEA (Load Effective Address)

lea rax, [rbx + rcx*4]

LEA trick

LEA is often used for arithmetic without touching memory.

Arithmetic Instructions

add rax, rbx
sub rax, 1
imul rax, rbx
xor rax, rax   ; zero a register
inc rax
dec rax
XOR zeroing

xor reg, reg is preferred over mov reg, 0 for performance.

Comparison & Branching

CMP & Jumps

cmp rax, rbx
je  equal
jne not_equal
jg  greater
jl  less

Conditional Jump Summary

  • je / jz → equal / zero
  • jne / jnz → not equal
  • jg / jl → signed comparison
  • ja / jb → unsigned comparison

Control Flow

Unconditional Jump

jmp loop_start

Labels

loop_start:
    dec rcx
    jnz loop_start

Stack Operations

push rax
push rbx
pop rbx
pop rax

Stack alignment

On x64 System V ABI, the stack must be 16-byte aligned before call.

Function Calls

CALL & RET

call function_name
ret

Simple Function Example

function_name:
    push rbp
    mov rbp, rsp

    mov rax, 1

    pop rbp
    ret

Calling Conventions

  • Arguments: RDI, RSI, RDX, RCX, R8, R9
  • Return value: RAX
  • Arguments: RCX, RDX, R8, R9
  • Return value: RAX

ABI awareness

Always follow the platform ABI when calling external functions.

Memory Addressing

Addressing Modes

mov rax, [rbx]
mov rax, [rbx + 8]
mov rax, [rbx + rcx*4]
mov rax, [rbx + rcx*4 + 16]

Sections (ELF / PE)

section .text
section .data
section .bss
  • .text → executable code
  • .data → initialized data
  • .bss → uninitialized data

Data Definition

section .data
value   dq  10
buffer  db  "text", 0

Syscalls (Linux x64)

mov rax, 60     ; sys_exit
mov rdi, 0      ; status
syscall

Common syscalls

  • 0 → read
  • 1 → write
  • 60 → exit

Loops

mov rcx, 5
loop_start:
    dec rcx
    jnz loop_start

Bitwise Operations

and rax, rbx
or  rax, rbx
xor rax, rbx
shl rax, 1
shr rax, 1

Debugging Patterns

NOP sled

nop
nop
nop

Breakpoint

int3

Common Low-Level Patterns

Zero a register

xor rax, rax

Compare to zero

test rax, rax
jz is_zero

Fast loop counter

dec rcx
jnz loop_start